Assistant Manager Information Security (IT Security)

PRINCIPAL DUTIES & RESPONSIBILITIES: • Recommend, and review the implementation of security controls for IT projects. • Developing, implementing and enforce security policies, performing security audits, and ensuring compliance with regulatory requirements. • Collaborate with teams to design and implement security controls and respond to security incidents. • Engage and provide support to local Technology Governance to ensure alignment of information security program with business priorities and objectives. • Review and remediate issues identified from penetration testing, technical reviews, audit up to closure. • Promote security awareness and maintain documentation of security policies and procedures. • Lead and perform identity access management reviews. • Lead and manage PCIDSS certification assessment. • Manage the planning and implementation of other security initiatives in meeting the regulatory, business and operation requirements. • Review, and where necessary develop information security framework, policies, standards, guidelines, and procedures. • Review, identify and address gaps in existing controls with regulatory and internal requirements. • Preparation of dashboard information and presenting into IT security weekly and monthly meetings. • Establish, and implement processes and controls to maintain oversight on outsourced IT Security functions. • Any other job functions assigned by BISO. 1. Qualifications • Degree in Computer Science, Information Technology or equivalent. • Professional Certification such as Certified Information Systems Security Professional (CISSP), or Certification Information Security Manager (CISM), or any security related certification is an added advantage. 2. Experience • Background in Information Security and compliance. Experience in IT Governance is an added advantage. • Relevant experience in information security preferably in Financial Services Industry with knowledge in BNM RMiT. 3. Knowledge • Understanding on common standards and local regulatory requirement. • Individuals will typically need a strong technology background or interest in information systems. • Understanding of information security framework and knowledge of security technologies and tools. a. • Good command of English and able to articulate and communicate effectively with various stakeholders.